Solving Access Key Pair Loss Issue

The key pair is essential for encrypting and decrypting credentials for the EC2 virtual server. If the key pair is lost, follow these steps to create a new key pair and restore SSH access to the EC2 instance.

Note: This solution involves stopping the EC2 instance. If the instance uses instance store volumes, stopping it may result in data loss. Ensure data backup before proceeding.

  1. Create a New Key Pair

    • Go to the EC2 interface.
    • Select Key Pairs.
    • Select Create key pair.
    • Provide a name, e.g., new-key.
    • Choose RSA and .pem format.
    • Select Create key pair.
    • Note: The private key will be saved locally as new-key.pem, and the public key will be stored on AWS. To obtain the public key, use PuTTYgen as described in step 2.
  2. Retrieve the Public Key

    • Open PuTTYgen.
    • Select Load and choose All Files (*.*).
    • Load the new-key private key (created in step 1).
    • In the Key comment field, enter new key.
    • Copy the entire Public key value from the upper frame.
    • Example: ssh-rsa AAAAB3NzaC... Hjxu7JiYNoasuv1SH3Dwf0PD new key
  3. Update EC2 User Data

    • Stop the EC2 instance and wait until its status is Stopped.

    • Go to Actions > Instance settings > Edit user data.

    • Choose Modify user data as text.

    • Enter the EC2 user name (e.g., ec2-user) under the line name.

    • Paste the copied Public key value under the line ssh-authorized-keys.

    • Copy and paste the following statements:

      Content-Type: multipart/mixed; boundary="//"
      MIME-Version: 1.0
      
      --//
      Content-Type: text/cloud-config; charset="us-ascii"
      MIME-Version: 1.0
      Content-Transfer-Encoding: 7bit
      Content-Disposition: attachment; filename="cloud-config.txt"
      
      #cloud-config
      cloud_final_modules:
      - [users-groups, once]
      users:
        - name: ec2-user
          ssh-authorized-keys:
          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQ... Hjxu7JiYNoasuv1SH3Dwf0PD new key
      
    • Save the user data.

  4. Start the EC2 Instance

    • Start the EC2 instance when its status is Stopped.
    • Wait for the instance’s Status checks to pass (usually around 5 minutes).
  5. Access EC2 Linux-instance

    • Note down the EC2’s Private IP and key name (e.g., old-key).
    • Use PuTTY to connect using the Private key (new-key.pem) created in step 1.
    • Ensure the displayed Private IP in PuTTY matches the EC2’s Private IP.
  6. Congratulations! You have successfully accessed the EC2 Linux instance by replacing the public key.

Important Notes:

  • This solution only allows one opportunity to update the public key via EC2 user data. Copy the public key value from PuTTYgen carefully before starting the EC2 instance.
  • Starting the EC2 instance triggers the cloud-init process to configure the .ssh/authorized_keys file for logging in using the private key.
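
Because the key is copied by hand and the update only gets one opportunity, it helps to check the copied line before saving the user data. The script below is an added example, not part of the original procedure or of any AWS or PuTTY tooling: it verifies that a copied public key line is complete (the base64 body must decode into whole length-prefixed fields whose first field matches the key type) and then renders the step 3 user data. The function names are this example's own, and the sample key is constructed and cannot be used to log in.

```python
# Added example: function names are hypothetical, not an AWS or PuTTY API.
import base64, re

TEMPLATE = """Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: {user}
    ssh-authorized-keys:
    - {key}
"""

def check_public_key(line):
    """Return the key as one normalized line, or raise ValueError."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)  # bad base64 raises ValueError
    fields, pos = [], 0
    while pos < len(blob):  # body is a run of fields, each with a 4-byte length
        end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 > len(blob) or end > len(blob):
            raise ValueError("key body is truncated (partial or line-broken copy)")
        fields.append(blob[pos + 4:end])
        pos = end
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("key type does not match the key body")
    if not re.fullmatch(r"[A-Za-z0-9_@. -]*", " ".join(parts[2:])):
        raise ValueError("comment would not survive as a plain YAML value")
    return " ".join(parts)

def render_user_data(user, key_line):
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", user):
        raise ValueError("unexpected user name")
    return TEMPLATE.format(user=user, key=check_public_key(key_line))

def sample_key():  # constructed, structurally valid ssh-rsa line; not a usable key
    f = lambda b: len(b).to_bytes(4, "big") + b
    blob = f(b"ssh-rsa") + f(b"\x01\x00\x01") + f(b"\x00" + b"\xc3" * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " new key"
```

Call render_user_data("ec2-user", <copied line>) and paste the returned text into the user data field; a ValueError means the key should be copied again before the instance is started.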